MS-DEFCON 3: Get Microsoft’s patches installed, but watch out

It’s been another wild and woolly month with Microsoft patches. With a huge bunch of patches coming next Black Tuesday, now would be an excellent time to get caught up on your patching.

KB 2949927 has been pulled from the Windows Update list, and I haven’t seen it back yet. Good riddance.

If you have a Windows 8 or 8.1 system that was upgraded in-place from Vista, do NOT install KB 3000061. Should you hit problems with the patch not installing, see the workaround described in my InfoWorld article.

If you use App-V programs, avoid KB 2984972. My original article on the bad patch noted that all of these applications fail if you apply KB 2984972: AutoCAD programs Revit, Navis, DWG TrueView, Frontrange Solutions HEAT 7.2.2, Trillian Astra, FileMakerPro 12, and SnagIt v11. There are certainly others. It’s still unresolved, at least in my mind, if the apps themselves are at fault but, if you haven’t updated your app in the past few weeks, and you are greeted by the message “Launching appname 100%” when you try to run it, this is the culprit. Check out the KB article and follow its instructions, then ask your app vendor for a newer version.

There’s a reported conflict between KB 2995388 and VMWare. Last I heard, VMWare recommended that you not install the patch if you’re using VMWare. I tried to get an official status update but VMWare’s servers keep timing out on me. Oy.

If you have Windows 8, and you do NOT want to move on to Windows 8.1, do NOT install the KB 3008273 “patch.” It’ll automagically install 8.1 for you.

KB 2918614 is still causing problems, but Microsoft created a “precursor” patch called KB 3000988 that solves most of the problems. If you use Windows Update, it’ll get the precursor installed before installing KB 2918614, and at least minimize your chances of getting zapped. So I figure KB 2918614 is finally good to go.

With those cautions, I suggest that you apply all outstanding patches. Why? Because there’s a huge lump of patches coming next Black Tuesday, and now’s as good a time as any to get caught up. The official announcement about 16 anticipated security bulletins for November are on the TechNet site. But that’s only part of the lump. Microsoft has also announced that it has 12 non-security patches coming down the Automatic Update chute, as well. Oh boy.

I’m moving to MS-DEFCON 3: Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems.

And the usual fine print:

 For those of you who are new to this game, keep in mind that… You should always use Windows Update to install patches; downloading and installing individual patches is a clear sign of impending insanity. I always install Windows Defender/Microsoft Security Essentials updates as soon as they’re available – same with spam filter updates. I never install drivers from Windows Update (in the rare case where I can actually see a problem with a driver, I go to the manufacturer’s web site and download it from the original source). I almost never install “Recommended” patches (reader Marty suggests that you uncheck the Windows Update box that says “Give me the recommended updates the same way I receive important updates”). If Windows Update has a patch but the box isn’t checked, DON’T CHECK THE BOX. It’s like spitting in the wind. I use Chrome and Firefox, and only pull out IE when I feel very inclined — but even if you don’t use IE, you need to keep up with its patches.